AI Insights
Showing results for 
Search instead for 
Did you mean: 

Leading the Pack in Firmware Protection


With hackers now targeting firmware, cybercrime costs are spiraling at an accelerated rate. HPE Gen10 solves this challenge with the silicon root of trust—driving security all the way down to the firmware level.

Blog_Security_BobM (1).jpgScanning your server hardware to make sure it has not been tampered with is more important than ever. With today’s enterprise IT security solutions focused on offering comprehensive protection for applications and data, sophisticated cybercriminals realize that hardware systems are more likely to be left unprotected.

In particular, hackers are focusing attacks on server firmware. Once they establish a foothold there, they can take over all the server functions, and then move laterally throughout the data center infrastructure to infiltrate other servers. Even worse, such attacks can easily go undetected for months. By the time IT finds out, digital assets and sensitive information have long been compromised.

Major industry player demonstrates importance of protecting firmware

The recent announcement by Google that it’s now deploying computer chips within its data center servers to scan for malware attacks shows how seriously the industry is taking the firmware threat. Google realizes how much value customers place in an IT security strategy that protects both the software and the hardware components.

Pursuing advanced server firmware protection is critical as cybercrime costs spiral at an accelerated rate. A Ponemon Institute report on the cyberthreat environment found there are 720 million hack attempts every 24 hours worldwide, and it takes the average business 99 days to detect malicious code. The delay in discovery leads to huge costs, with companies losing $9M on average each year due to cybercrime.

The pioneer in firmware protection

As the pioneer in driving IT security solutions down to the server firmware level, we at HPE recognize the importance of the Google announcement. HPE was the first to devise a strategy to help businesses take on the challenge of deploying protection at the silicon layer with our Silicon Root of Trust. Since imitation is the greatest form of flattery, we welcome Google to the high stakes game of cybersecurity protection. In an attempt to differentiate itself in the public cloud space, Google’s announcement does draw into question what other large cloud providers might not currently have—namely firmware protection based in silicon.

HPE began with one of the strongest firmware security statements in the industry—when we introduced our generation 10 ProLiant server platforms, offering unique server firmware protection, detection, and recovery capabilities. With Gen10, we offer the world’s most secure industry-standard servers.

Impossible to compromise

Each HPE Gen 10 ProLiant server has a Silicon Root of Trust burned into the components on the motherboard, making them impossible to compromise. The system cannot boot unless the silicon  first checks out the server firmware as being secure. If any malicious code is present, the firmware resets itself to its original, known good, state before booting.

The silicon root of trust is spearheaded by the HPE iLO 5 management controller, an HPE-specific design that is much more advanced than generic controllers offered by other vendors. HPE iLO intellectual property is owned solely by HPE, as well as the firmware backed by a strict process for both access and sign-off on changes.

The fact that HPE designs and produces its own server iLO silicon is a huge differentiator. Even the software operating environment for iLO is unique. iLO utilizes HPE-controlled software tools, making it more difficult to compromise compared to generic Linux-based tools that most server vendors use for their management controllers.

We have also applied enhancements to further increase the level of physical security that our servers provide. This includes Microfocus Atalla Enterprise Secure Key Management (ESKM), which provides key management of encrypted devices like rotating media. HPE 3PAR StoreServ flash storage has self-encrypting drives, while HPE Smart Array controller cards provide seamless encryption on all drives, even if they are not self-encrypting. 

The protection you need to defend against today’s threats

Emerging technologies are opening new business opportunities but also introducing new risk as the security threat landscape is increasing and as attacks become more sophisticated. To take on this challenge, discover the IT security hardware strategy HPE has developed by checking out HPE locks down server security by Moor Insights and Strategy. See how your business can stay ahead of the threats through our unique server firmware protection, detection, and recovery capabilities.

0 Kudos
About the Author


Bob leads the partner software organization for the server division. His team is also responsible for productizing the new HPE security technologies and delivering a comprehensive approach to security across all solutions.